User's Guide
Table Of Contents
- ExtremeAnalytics® User GuideVersion 8.4
- Legal Notices
- Trademarks
- Contact
- Extreme Networks® Software License Agreement
- Table of Contents
- ExtremeAnalytics™ Help
- ExtremeAnalytics Licensing
- Configuring Enhanced Netflow for Extreme Analytics and Extreme Wireless Contr...
- How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- ExtremeAnalytics Tab Overview
- ExtremeAnalytics Dashboard Overview
- ExtremeAnalytics Insights Dashboard
- ExtremeAnalytics Tracked Applications Dashboard
- ExtremeAnalytics Browser Overview
- ExtremeAnalytics Application Flows
- ExtremeAnalytics Fingerprints Overview
- ExtremeAnalytics Custom Fingerprints
- Delete Custom Fingerprints
- Custom Fingerprint Examples
- Create Custom Fingerprints Based on Flow
- Create Custom Fingerprints Based on Destination Address
- Create Custom Fingerprints Based on Application or Application Group
- ExtremeAnalytics Packet Captures
- ExtremeAnalytics Configuration Overview
- Virtual Sensors
- ExtremeAnalytics Engine Advanced Configuration
- Flow Collection Type
- Collection Privacy Levels
- Client Aggregation
- Slow Client Data
- Max End-Systems in Hourly Details
- Sensor Log Levels
- Store Application Site Data
- ExtremeControl Integration
- Flow Sources/Application Telemetry Sources
- Web Credentials
- Configuration Properties
- Sensor Modules
- Auditing
- Network Settings
- ExtremeAnalytics Reports
- ExtremeAnalytics Report Descriptions
- Report Descriptions
- Analytics Events
- Bandwidth for a Client Over Time
- Interface Top Applications Treemap
- Sites Using the Most Bandwidth
- Most Popular Applications
- Most Used Applications for a Client
- Most Used Applications for a User Name
- Network Activity by Site
- Network Activity by Client
- Network Activity by Application
- Slowest Applications by Site
- Top Applications Group Radar
- Top Applications Radar
- Top Applications TreeMap
- Top Applications for Interface
- Top Applications for Server
- Top Clients by Interface
- Top Interfaces by Application
- Top N Applications
- Top N Clients
- Top N Servers
- Report Descriptions
- Add and Modify Fingerprints
- Add Fingerprints
- Enable or Disable Fingerprints
- Modify Fingerprints
- Update Fingerprints
- Custom Fingerprint Examples
- How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- ExtremeAnalytics Virtual Sensor Configuration in Extreme Management Center
- Stream Flow Data from ExtremeAnalytics into Splunk
- Stream Flow Data from ExtremeAnalytics into Elastic Stack
Fingerprints Based on a Destination Address
115 of 218
Fingerprints Based on a Destination Address
In both of the previous examples, you created a new custom fingerprint to cover
a case where no appropriate fingerprint existed. You may also want to create a
new fingerprint for traffic flows already identified as one application, but should
be categorized as something else.
For example, let's say you have a Git repository on your network. Git repositories
(a source code management system used in software development) are
frequently accessed via SSH on port 22 (the standard TCP port assigned for SSH
traffic). In this case, the SSH traffic flows is identified using the system SSH port-
based fingerprint.
But what if you would like to more closely monitor who is accessing the Git
repository? If you know you are running the Git server on a certain system
(10.20.117.102 port 22, for our example), you can create a custom fingerprint to
identify the Git traffic flows.
The fingerprint is based on one of the SSH flows using the IP address/port of the
Git server and have a higher confidence than the system port-based fingerprint.
The higher confidence fingerprint will override the lower confidence fingerprint
when determining a match for the traffic flow.
Use the following steps to create the fingerprint.
1. Select the Analytics tab in Extreme Management Center.
2. Select the Application Flows tab.
3. In the table, right-click on an SSH port-based flow with the Git server destination
address and select Fingerprints > Add Fingerprint.